Microsoft Windows up to Vista TrueType Font win32k.sys access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Vista (Operating System). Affected by this issue is an unknown part in the library win32k.sys of the component TrueType Font Handler. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability.
The weakness was released 10/14/2014 by Ligen with CrowdStrike Intelligence Team/FireEye as MS14-058 as confirmed bulletin (Technet). The advisory is available at technet.microsoft.com. This vulnerability is handled as CVE-2014-4113 since 06/12/2014. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a public exploit are known. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.
A public exploit has been developed by Metasploit in Ruby and been published 2 weeks after the advisory. The exploit is available at securityfocus.com. It is declared as highly functional. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 78433 (MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90983 (Microsoft Windows Kernel-Mode Driver Remote Code Execution Vulnerability (MS14-058)). This issue was added on 05/04/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 05/25/2022:
Apply updates per vendor instructions.Applying the patch MS14-058 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (78433) and Exploit-DB (35101). krebsonsecurity.com is providing further details. Entries connected to this vulnerability are available at 67832, 67831, 67806 and 67811.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
Video
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Author: Metasploit
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 78433
Nessus Name: MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: ms14_058_track_popup_menu.rb
MetaSploit Name: Windows TrackPopupMenu Win32k NULL Pointer Dereference
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Patch: MS14-058
Suricata ID: 2019420
Suricata Class: 🔍
Suricata Message: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Fortigate IPS: 🔍
Timeline
06/12/2014 🔍10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/15/2014 🔍
10/15/2014 🔍
10/15/2014 🔍
10/28/2014 🔍
10/28/2014 🔍
04/25/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS14-058
Researcher: Ligen
Organization: CrowdStrike Intelligence Team/FireEye
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-4113 (🔍)
OVAL: 🔍
IAVM: 🔍
SecurityTracker: 1031022 - Windows Kernel-Mode Driver Flaws Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code
Vulnerability Center: 46433 - [MS14-058] Microsoft Windows Local Privileges Escalation in Win32k.sys - CVE-2014-4113, Medium
SecurityFocus: 70364 - Microsoft Windows Kernel 'Win32k.sys' CVE-2014-4113 Local Privilege Escalation Vulnerability
Secunia: 60970
OSVDB: 113167
scip Labs: https://www.scip.ch/en/?labs.20140213
Misc.: 🔍
See also: 🔍
Entry
Created: 10/15/2014 11:43Updated: 04/25/2024 19:38
Changes: 10/15/2014 11:43 (85), 04/07/2017 15:04 (20), 02/22/2022 06:53 (3), 02/22/2022 07:05 (1), 04/25/2024 19:38 (23)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.